Britain has an IT skills gap problem, not unlike its American cousin's, as well as nearly every other nationality. Besides technical experts, society needs psychologists, law enforcers, strategists, risk managers, lawyers and accountants with cyber know-how.
The White House cybersecurity coordinator, National Security Agency director and top officials from the departments of Commerce, Homeland Security and Justice have scheduled a briefing on the administration's cybersecurity policy the day after President Obama delivers his State of the Union address.
President Obama devoted 26 words to cybersecurity in his 2012 State of the Union address. What will he say this year? We asked IT security experts to play speechwriter, and here's what they would have the president say to Congress on cybersecurity.
"We felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it," The New York Times' Nicole Perlroth says.
"We're going to have to find a way to address the interests of other states to ... find common ground," Secretary of State John Kerry says. "We're just going to have to dig into it a lot deeper. I don't have a magic silver bullet to throw at you here today."
Gov. Nikki Haley devoted nearly 10 percent of her State of the State address to cybersecurity, responding to public outrage over a breach of South Carolina's tax system that exposed the records of nearly 4 million taxpayers.
If we're at war, the fight so far is unbalanced, and the U.S. should be grateful its cyberspace adversary is Iran. "We're probably not very prepared for a virtual conflict against a really competent state, such as Russia or China," says Rand Corp.'s Martin Libicki.
Like the cartoonish Kilroy peeking his head over a wall during World War II, unemployment among IT security professionals has bared its head. But don't take these stats as gospel. The data suggest 'full employment' reigns in the infosec community of workers.
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
President Obama has proclaimed December as Critical Infrastructure Protection and Resilience Month, and is using that declaration to continue his campaign to get Congress to enact comprehensive cybersecurity legislation.
The leaders in Congress on cybersecurity matters are the chairs of the committees that have jurisdiction over IT security. In both houses, chairmanship changes mean new lawmakers will lead legislative initiatives on cybersecurity in the 113th Congress.
South Carolina's Revenue Department went nearly a year without a chief information security officer before its tax system was hacked this summer. The agency's chief says the state couldn't find a qualified candidate for the job that pays $100,000 a year.